curl: ignore options asking for SSLv2 or SSLv3bagder/curl-ssl-ignored

Instead output a warning about it and continue with the defaults. These SSL versions are typically not supported by the TLS libraries since a long time back already since they are inherently insecure and broken. Asking for them to be used will just cause an error to be returned slightly later. In the unlikely event that a user's TLS library actually still supports these protocol versions, this change might make the request a little less insecure.
author: Daniel Stenberg <daniel@haxx.se> 2021-03-22 11:55:27 +0100
committer: Daniel Stenberg <daniel@haxx.se> 2021-03-22 13:17:10 +0100
commit: 1042dfd6f89c00d4e101109dc0b1ffdb42ac994b (patch)
tree: 179a3ff71268749933882c24b4f6ad152b810fc2 /src/tool_getparam.c
parent: c915662485f8fe1e32351a8f83a4a5fe76b5bd08 (diff)
download: curl-bagder/curl-ssl-ignored.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index f1393c373..55902f98e 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -1278,11 +1278,11 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
       break;
     case '2':
       /* SSL version 2 */
-      config->ssl_version = CURL_SSLVERSION_SSLv2;
+      warnf(global, "Ignores instruction to use SSLv2\n");
       break;
     case '3':
       /* SSL version 3 */
-      config->ssl_version = CURL_SSLVERSION_SSLv3;
+      warnf(global, "Ignores instruction to use SSLv3\n");
       break;
     case '4':
       /* IPv4 */
author	Daniel Stenberg <daniel@haxx.se>	2021-03-22 11:55:27 +0100
committer	Daniel Stenberg <daniel@haxx.se>	2021-03-22 13:17:10 +0100
commit	1042dfd6f89c00d4e101109dc0b1ffdb42ac994b (patch)
tree	179a3ff71268749933882c24b4f6ad152b810fc2 /src/tool_getparam.c
parent	c915662485f8fe1e32351a8f83a4a5fe76b5bd08 (diff)
download	curl-bagder/curl-ssl-ignored.tar.gz